cancel
Showing results for 
Search instead for 
Did you mean: 

GRAC: Initiator based on Business role and System

Former Member
0 Kudos
118

Hi all.

I need to create a Initiator BRF+ based on the System. The problem is we provide Business roles, and those ones does not contain System so i have no idea how to check the value of this field in order to create an initiator rule.

Any suggestion?

Kind regards and thank you.

Sara.

Accepted Solutions (0)

Answers (1)

Answers (1)

madhusap
Active Contributor
0 Kudos

Hi Sara,

If you are using Business Roles, then your business role will have combination of roles from various target systems.

So, defining an initiator rule based on system, i don't think it will work out.

Can you give more details about requirement like if your initiator is defined at Request Type level any implications. Please share more details so that it will be easy to assist.

Regards,

Madhu.

Former Member
0 Kudos

Hi Madhu.

Background:

  • We have two systems A and B.
  • We have business roles defined but each of them only contains roles from a specific system specific. So for instance Business role, B1, only contains single roles from A system and Business role B2 only contains role from B. This concept will never change. A Business role will never have roles from different systems.
  • Regarding Workflow, both system share the same MSMP and BRF+ configuration. WE have two steps MANAGER and ROLE_OWNER.

Requirement

For system A it is necessary to set up a new workflow, with additional stages.

Possible solution:

Create an initiator rule based on the system.

  • So if the request is for system A goes to path 1
  • If the request goes to system B request goes to path 2

Another solutions:

  • Create an initiator rule based on the role name. Problem? That will be very difficult to maintain.
  • Create an initiator rule based on another field like for example the Business process. Problem? We don't want to modify the current Access Request Process.

In the future many other systems will work with GRC so we need to think in a very escalable solution that could help us in a fester way to include these new target systems.

Regards and thank you in advance.

madhusap
Active Contributor
0 Kudos

Hi Sara,

I have tried your scenario in BRF+ and it is working fine.

1. First created a BRF+ rule

2. Created a Loop to loop through all request Line Items

3. With in the loop created four rules as shown below:

Rule 1

First DB lookup to fetch RoleID2 from table GRACROLERELAT where ROLEID1 = Request Role Line Item Role ID

Rule 2

Second DB lookup to fetch Connector from table GRACRLCONN where AC_REF_ROLE_ID = ROLEID2 fetched from first DB lookup

Fields RoleID2 and COnnector should be declared as Ruleset variables to use them in context

Rule 3

Then Created a decision table using the connector field retrieved from Second DB lookup

Change Routing table structure after processing entries in the decision table

Rule 4

Once done insert the values into Routing table from Routing table structure.

You can try this approach

Regards,

Madhu.